Does Microsoft claim Pre-Boot Authentication not necessary?

Is Microsoft really claiming pre-boot authentication (PBA) for Full Disk Encryption (FDE) is not necessary? One could certainly get that impression from recent articles (HERE and HERE) posted by the organization. The first article on “Types of attacks for volume encryption keys” lists a few known historical attacks that “could be used to compromise a volume encryption key, whether for BitLocker or a non-Microsoft encryption solution”, and the second makes statements like “For many years, Microsoft has recommended using pre-boot authentication to protect against DMA and memory remanence attacks. Today, Microsoft only recommends using pre-boot authentication on PCs where the mitigations described in this document cannot be implemented.”

I will let you read the entire Microsoft articles yourself, if you like, but here is why they have missed the big picture. Encryption of any form doesn’t provide confidentiality without authentication. For example, a computer with a SED (Self Encrypting Drive), or software FDE that boots right into a user’s account without authenticating, leaves the data completely exposed. The need for authentication is obvious, but when should it be done? The two basic choices are:

Authenticate the user before the drive is unlocked and the OS is booted up.

Authenticate the user after the drive is unlocked. Unlock the drive automatically, then load the OS or an application and prompt the user to authenticate.

NB: You could also do both if you are a strong believer in defense in depth.

The first choice above is where PBA comes in. PBA provides an environment external to the operating system (OS) as a trusted authentication layer. The PBA prevents any data from being read from the drive, including the operating system, until the user has confirmed he/she has the correct password or other credentials.

The second choice would normally be to have the OS prompt the user for authentication credentials after unlocking. (BTW this isn’t PCI DSS compliant: Read more HERE.) I have never heard anyone argue that it is more secure to unlock or decrypt data BEFORE authenticating, but the article does seem to be saying that if you configure your OS just right and have the correct type of hardware, PBA is not necessary. The argument goes that PBA is only necessary to protect against RAM attacks where the attacker gets direct access to RAM, either physically or through a DMA port, and extracts the data encryption key (DEK). With proper configuration and the right hardware, this is not possible.

The argument that the security of PBA is not needed is incorrect for two reasons:

1) The attacker may deploy considerable resources to get valuable data on the machine, so you cannot rule that out without an analysis of the hardware on a model by model basis. Do you know the make, model, and firmware revision of all the hardware components (including TPM and memory) in your enterprise in order to decide if you need PBA or not on a machine by machine basis? And as even Microsoft states in this older ARTICLE, “TPM-only authentication method offers the lowest level of data protection. This authentication method protects against attacks that modify early boot components, but the level of protection can be affected by potential weaknesses in hardware or in the early boot components.”

2) More importantly, memory attacks are not the only possible attacks. Once booted into Windows and the drive is “unlocked”, full disk encryption is no longer providing any cryptographic protection, which is orders of magnitude stronger than the “programmed” security an OS can provide. If you let your computer boot automatically up to the OS prompt, you are putting all your faith in OS security and that of the machine hardware. You have to trust that even though the DEK is sitting in plain text in memory, and the data is all readable, that the OS login screen is going to keep attackers out, and that OS is not going to let data leak out of the device via LAN, WAN, or other ports or connections. Modern operating systems consist of millions of lines of code and are very complex. The computer hardware also evolves rapidly. Together, they constitute an enormous attack surface with countless potential unknown vulnerabilities. It is very difficult, if not impossible, to get a reasonable degree of assurance that authentication before decryption is not required.

On the other hand PBA’s main reason for existing is to cryptographically protect the drive keys. With PBA the attack surface is much smaller and manageable. For example, the PBA application can be submitted to a Common Criteria lab for certification against the collaborative Protection Profile (cPP) for FDE Authorization Acquisition (cPP AA). Read more HERE.

The argument against PBA is really based more on usability and high total cost of ownership (TCO). For example, in the Microsoft article on “Configuring BitLocker for Tablets” they write, “deploying pre-boot authentication within their organizations which results in a diminished user experience and increases support costs (for example, a forgotten PIN).” The answer to this is NOT to lower security and compliance standards to avoid the high TCO of PBA, but rather deploy products which have full-fledged PBA that addresses these issues. For example, WinMagic’s SecureDoc offers user-based authentication, self-recovery and network connectivity at pre-boot, providing a level of usability to match security requirements.

—

To summarize, Microsoft has got this one wrong. The fault in their logic is thinking that PBA is limited to protection against memory attacks AFTER automatically unlocking the drive. They missed the whole point of PBA, which is to prevent anything being read from the drive, such as the operating system BEFORE the user has confirmed they have the correct password or other credentials. PBA is a necessary component of a FDE solution in order to fully achieve the confidentiality (and compliance) that full disk encryption is capable of providing.

Or

Leave a Comment

comments

Tagged Under:

Garry, a CISSP, has more than 30 years of experience in data communications and information security. He has contributed to the development of WinMagic's full-disk encryption solutions for desktops, laptops, and other mobile devices. When he is not saving the world of data encryption, he takes off his cape to relax and enjoy life at the cottage. Garry writes from a position of technical expertise since we first started SecureSpeak, making him the longest running blogger at WinMagic. Garry McCracken

The Site is open to the public. Therefore, consider your comments carefully and do not include anything in a comment that you would like to keep private. By uploading or otherwise making available any information to WinMagic in the form of user generated comments or otherwise, you grant Winmagic the unlimited, perpetual right to distribute, display, publish, reproduce, reuse and copy the information contained therein.

You are responsible for the content you post. You may not impersonate any other person through the blog. You may not post content that is obscene, defamatory, threatening, fraudulent, invasive of another person’s privacy rights, or is otherwise unlawful. You may not post content that infringes the intellectual property rights of any other person or entity. You may not post any content that contains any computer viruses or any other code designed to disrupt, damage, or limit the functioning of any computer software or hardware.

By submitting or posting content on the blog, you grant WinMagic and any company substantially under its control, the right to remove any content or comment that, in WinMagic’s sole judgment, does not comply with the posting guideline, the terms of this website or is otherwise objectionable. You also grant WinMagic and any company substantially under its control the right to modify, adapt, and edit any content.

Your use of this blog is subject to the terms of use of the website on which this blog is hosted blog.winmagic.com. Because WinMagic values your thoughtful opinions, we encourage you to add a comment to this discussion. However, please don’t be offended if we edit your comments for clarity or to keep out questionable matters, and we may even delete off-topic comments. Any opinions expressed within the blog are those of the author and not necessarily held by WinMagic itself. The information on this blog may be changed without notice and is not guaranteed to be complete, correct, timely, current or up-to-date. Similar to any printed materials, the information on this blog may become out-of-date. Winmagic undertakes no obligation to update any information on the blog; provided, however, that WinMagic may update the information on this blog at any time without notice in WinMagic’s sole and absolute discretion.